Tag: hackerletters

The Christmas holidays are almost here, but before that it’s time to see what I’ve read this week. I’ve been playing with legacy Java EE 5 development and came across System Integrity Protection in OS X, which prevents you from installing JDK 5. On top of that, I just wish I could run OC4J with JDK 5 on Docker as you can for WebLogic 12.2.1. From a security point of view there was a startling announcement, as Juniper Networks had found a backdoor in their firewall code. We also learn the basics of web accessibility, and if you’re not using dotfiles and you’re on Linux or OS X, now is a good time to start.

The web accessibility basics
List of absolute web accessibility basics every web developer should know about and which are extremely easy to implement but matter a lot. Next time you build something, consider incorporating those few things. (from WDRL 117)

Tools

WebLogic 12.2.1 on Docker
Interesting article with examples of how to run WebLogic 12.2.1 on Docker, as I just played with Vagrant and Ansible for creating a legacy Java EE 5 development environment with OC4J. Maybe in the future legacy environments will be easier to manage, as you can virtualize them more easily.

To think about

One Googler’s take on managing your time
If you don’t have time to read this… read it twice. The maker’s day is most effective in half-day or full-day blocks. Commit to protecting Make Time on your calendar including the time and place where you’ll be making, and ideally detail on what you’ll be making. That way, you know, it’ll actually happen.

Security

Detect and disconnect WiFi cameras in that AirBnB you’re staying in
There have been a few too many stories lately of AirBnB hosts caught spying on their guests with WiFi cameras, using DropCam cameras in particular. Here’s a quick script that will detect two popular brands of WiFi cameras during your stay and disconnect them in turn.

Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA
Internal code review pays off for Juniper. This week Juniper Networks revealed in a startling announcement that it had found “unauthorized” code embedded in an operating system running on some of its firewalls, ScreenOS. As the terrific summary of the Juniper backdoor explains, it allowed attackers to take complete control of Juniper NetScreen firewalls. This is a very good showcase of why backdoors are something governments should not have in these types of devices: at some point it will backfire when other hackers piggyback on an existing backdoor to build their own.

Instagram’s Million Dollar Bug
tl;dr: A security researcher finds a remote code execution vulnerability in Instagram which pivots to getting all kinds of data from AWS S3, but the Facebook CSO plays it down as trivial and as a thing which violates the poorly worded whitehat program rules. The point of this story is that Facebook fails on their bug bounty program, as their actions show that it would be better just to “sell million dollar bugs on the black market for a million dollars” and not get threatened with legal action for just being a good guy.

Something different

This week there are a couple of books to read which help you to learn functional programming, realize that you don’t know JavaScript and build a Kanban board with Webpack and React. You can also read thoughts on securing OS X, get some information about Spring Boot memory performance and read about a reasonable approach to React and JSX. Happy reading.

Issue 4, 2015-12-16

Technical

Hibernate Logging Guide
Logging database queries with Hibernate is relatively easy, but it’s good to recall the logging options. For example, use different log categories and don’t use show_sql to log SQL queries.

You Don’t Know JS (book series)
Series of books diving deep into the core mechanisms of the JavaScript language. The series is released on GitHub as drafts, free to read, and you can buy them through O’Reilly.

SurviveJS – Webpack and React
SurviveJS – Webpack and React shows you how to build a simple Kanban application based on these technologies. There’s a free online version of the book and a Leanpub version with extra content.

Good to know

OS X security and privacy guide
Collection of thoughts on securing a modern Apple Mac computer using OS X 10.11 “El Capitan”, as well as steps to improving online privacy. Targeted to “power users”.

Something different

Empire of Code
Empire of Code is a space game with a mix of strategy, tactics and coding.
You can play the game with or without coding skills, but knowing how to code will definitely give you an advantage. Unleash your Python and JavaScript skills.

It has been a rainy week here in Finland with pre-Christmas parties (again) and also our 98th Independence Day. Yay! This week’s articles are about JavaScript, microservices, user experience and a tutorial for a ToDo app with React.js.

Issue #3, 2015-12-09

Technical

Advancing JavaScript without breaking the Web
Christian Heilmann presented earlier this year at the MunichJS meetup how the advancements in ECMAScript (aka JavaScript) are a great opportunity, but also a challenge for the web. His article with slides and video takes a look at how whilst adding new, important features we’re also running the danger of breaking backwards compatibility.

Building for HTTP/2
Rebecca Murphey shares the fresh concepts of HTTP/2 and how it will affect our tool and build-chain for JavaScript applications. A few good thoughts in there that we can keep in mind to optimize the delivery of large-scale front-end applications. (from WDRL 115)

Gadgets

Raspberry Pi Zero: the $5 computer
Raspberry Pi gets even smaller and cheaper with the Zero and provides almost the same processing power as the original. Unfortunately they sold out quickly and I didn’t get one yet. (from Hacker News)

Something different

Weekly notes are here again and I have to say that the week has passed swiftly. With all the pre-Christmas parties and switching jobs, I also managed to read some articles. Here are my chosen articles for this week.

Segment’s Engineering Team’s Best Practices
There are lots of “Best Practices” you gather while working with things, and Segment’s Engineering Team chose a handful of ‘pro tips’ to share that seemed most broadly applicable. They keep their engineering guidelines on a wiki page. Do you? (from Weekend reading)

Broken Performance Tools (pdf)
Good overview of performance tools and how to be cautious when using them, as they are broken and misleading. Trust nothing, verify everything. Observe, Profile and Visualize Everything. Benchmark Nothing. Do Active Benchmarking. (from IRC)

Tools of the trade

1Password for teams
Passwords are everywhere and 1Password for team sharing is said to be better than Meldium, OneLogin or Bitium. It has a fantastic UI, works great on mobile, and can share logins, WiFi, credit cards, notes and documents. (from Weekend reading)

To think about

Seriously, Don’t Use Icon Fonts
I’m not sure what my opinion about using icon fonts is, and judging by the comments the issue isn’t quite clear. SVG browser support is fine so there is no need to use icon fonts anymore as it can harm accessibility. (from Web Design Weekly)

Buffer’s Transparent salaries
Salaries seem to be a thing you don’t talk about, but maybe we should. A couple of years ago Buffer shared their transparent salary formula, and now they have updated it and made a web app to test it. I haven’t seen similar approaches here in Finland, although if I remember right Vincit has internally transparent salaries. (from Web Development Reading List)

Chrome Extensions – AKA Total Absence of Privacy
Using extensions should be done with care as they aren’t always what they look like. Some Chrome extensions are constantly tracking you by default, making it very difficult or impossible for you to opt out. These extensions will receive your complete browsing history, all your cookies, your secret access tokens used for authentication (i.e., Facebook Connect) and shared links from sites such as Dropbox and Google Drive. (from Weekend reading)

For some time I’ve been reading several newsletters to keep track of what happens in the field of software development, and the intention was also to share the interesting parts here. And now it’s time to move from intent to action.

In the new “Weekly notes” series I share what interesting articles I have read with short comments. The overall topic is technology but other than that they can cover all things related to software development, from web applications to mobile development and from devops to user experience. I’ll publish my reading list every week or every two weeks.

I also tweet about interesting topics, so follow me on Twitter: @walokra

Modern Java – A Guide to Java 8
Java 8 brings quite a lot of new things like default interface methods, lambda expressions, method references and repeatable annotations. This tutorial guides you step by step through all new language features. (from Hacker News)

Something different

How snowmaking works
If Mother Nature isn’t doing her job and making snow, we can do it ourselves. An important topic, as a couple of winters even here in Finland have been mild and it’s not looking good this year either. “A resort that can guarantee 5+ inches of powder every day is a license to print money.” (from Hacker News)